# pad-database: memcached (TCP 11211) source allow-list.
# Order matters: the per-source ACCEPT rules are appended first and the
# catch-all DROP for the port last, so any source not listed is dropped.
# NOTE(review): only TCP is matched here. If memcached on this host also
# listens on UDP 11211, that listener is not covered by these rules; add a
# UDP rule set or disable UDP in memcached (-U 0).
# NOTE(review): 47.88.191.88 is a public address, unlike the 10.29.x.x peers.
# memcached has no authentication or encryption unless SASL/TLS are
# configured -- confirm this source still needs access and which network
# path its traffic takes.
for src in \
  10.29.252.35 \
  10.29.252.42 \
  10.29.252.49 \
  10.29.252.55 \
  47.88.191.88 \
  127.0.0.1
do
  iptables -A INPUT -s "${src}/32" -p tcp -m tcp --dport 11211 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 11211 -j DROP


# pad-database: MySQL (TCP 3306) source allow-list.
# The ACCEPT rules are appended before the final DROP, so only the listed
# sources (and loopback) can open connections to 3306.
# NOTE(review): -A appends to the end of INPUT. An earlier, broader ACCEPT
# in the chain would still win; review the effective order with
# `iptables -S INPUT` after applying.
# NOTE(review): 47.88.191.88 is a public address. Confirm the MySQL accounts
# used from it are host-restricted and that the connection is encrypted.
# NOTE(review): rules added this way exist only in the running kernel;
# persist them (e.g. iptables-save) or they are lost on reboot.
for client in \
  10.29.252.35 \
  10.29.252.42 \
  10.29.252.49 \
  10.29.252.55 \
  47.88.191.88 \
  127.0.0.1
do
  iptables -A INPUT -s "${client}/32" -p tcp -m tcp --dport 3306 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 3306 -j DROP


# Example: -I INPUT 1 inserts the rule at position 1 (the head of INPUT)
# instead of appending, so it is evaluated before every rule already in the
# chain. Use this to add an allowed source once a DROP for the port is
# already in place.
# NOTE(review): each run inserts another copy of the rule; check for an
# existing match first (iptables -C) to avoid duplicates.
iptables --insert INPUT 1 --source 47.88.191.88/32 --protocol tcp --match tcp --dport 3306 --jump ACCEPT

# pad-mongo1: MongoDB (TCP 27017) source allow-list.
# Listed sources are accepted in order; the trailing DROP rejects every
# other source for this port.
# NOTE(review): 47.88.191.88 is a public address among otherwise private
# 10.29.x.x peers. Confirm MongoDB authentication and TLS are enabled for
# clients connecting from it.
# NOTE(review): iptables filters IPv4 only. If mongod also listens on an
# IPv6 address, equivalent ip6tables rules are needed.
for client in \
  10.29.252.35 \
  10.29.252.42 \
  10.29.252.49 \
  10.29.252.55 \
  47.88.191.88 \
  10.29.252.148 \
  127.0.0.1
do
  iptables -A INPUT -s "${client}/32" -p tcp -m tcp --dport 27017 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 27017 -j DROP

# pad-mongo1: TCP 27018 source allow-list.
# NOTE(review): 27018 is MongoDB's default shard-server port; presumably the
# three 10.29.x.x sources are the other cluster members -- confirm.
# ACCEPT rules go in first, then the DROP that closes the port to all other
# sources.
for peer in \
  10.29.251.199 \
  10.29.66.46 \
  10.29.252.148 \
  127.0.0.1
do
  iptables -A INPUT -s "${peer}/32" -p tcp -m tcp --dport 27018 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 27018 -j DROP

# pad-mongo1: TCP 27019 source allow-list.
# NOTE(review): 27019 is MongoDB's default config-server port; presumably
# only cluster members need it -- confirm the three 10.29.x.x sources.
# ACCEPT rules go in first, then the DROP that closes the port to all other
# sources.
for peer in \
  10.29.251.199 \
  10.29.66.46 \
  10.29.252.148 \
  127.0.0.1
do
  iptables -A INPUT -s "${peer}/32" -p tcp -m tcp --dport 27019 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 27019 -j DROP


# pad-mongo2: TCP 27018 source allow-list.
# NOTE(review): presumably meant to be applied on the pad-mongo2 host. On a
# host that already has a 27018 DROP in INPUT, these appended ACCEPT rules
# would land after it and never match.
# ACCEPT rules go in first, then the DROP that closes the port to all other
# sources.
for peer in \
  10.29.251.199 \
  10.29.66.46 \
  10.29.252.148 \
  127.0.0.1
do
  iptables -A INPUT -s "${peer}/32" -p tcp -m tcp --dport 27018 -j ACCEPT
done
iptables -A INPUT -p tcp -m tcp --dport 27018 -j DROP
